CN105654168A - Embedded intelligent safety module, safety hardware device, safe data processing system and operation method of embedded intelligent safety module - Google Patents
Embedded intelligent safety module, safety hardware device, safe data processing system and operation method of embedded intelligent safety module Download PDFInfo
- Publication number
- CN105654168A CN105654168A CN201511006076.6A CN201511006076A CN105654168A CN 105654168 A CN105654168 A CN 105654168A CN 201511006076 A CN201511006076 A CN 201511006076A CN 105654168 A CN105654168 A CN 105654168A
- Authority
- CN
- China
- Prior art keywords
- data
- embedded
- micro
- control unit
- intelligent
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/073—Special arrangements for circuits, e.g. for protecting identification code in memory
- G06K19/07309—Means for preventing undesired reading or writing from or onto record carriers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K19/00—Record carriers for use with machines and with at least a part designed to carry digital markings
- G06K19/06—Record carriers for use with machines and with at least a part designed to carry digital markings characterised by the kind of the digital marking, e.g. shape, nature, code
- G06K19/067—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components
- G06K19/07—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips
- G06K19/0723—Record carriers with conductive marks, printed circuits or semiconductor circuit elements, e.g. credit or identity cards also with resonating or responding marks without active components with integrated circuit chips the record carrier comprising an arrangement for non-contact communication, e.g. wireless communication circuits on transponder cards, non-contact smart cards or RFIDs
Landscapes
- Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Microelectronics & Electronic Packaging (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Theoretical Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Mobile Radio Communication Systems (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The invention discloses an embedded intelligent safety module, an operation method thereof and a safe hardware device. The embedded intelligent safety module comprises a micro-control unit and an intelligent IC chip. The micro-control unit is provided with at least one preset communication interface. The preset communication interface is used as the peripheral interface of the embedded intelligent safety module. The micro-control unit performs bidirectional communication with the intelligent IC chip through a first preset communication protocol. The micro-control unit is used for performing data analysis and transcoding between the micro-control unit and the intelligent IC chip. According to the embedded intelligent safety module, through arranging the micro-control unit for data analysis and transcoding on the intelligent IC chip, and using the preset communication interface on the micro-control unit as the peripheral interface of the embedded intelligent safety module, interface compatibility of the embedded intelligent safety module is improved. Furthermore, because the intelligent IC chip is packaged in the embedded intelligent safety module for forming a semi-closed environment, safety in use of the intelligent IC chip is greatly improved.
Description
Technical field
The present invention relates to security appliance field, particularly a kind of embedded intelligence security module,Secure hardware device, system and method for work.
Background technology
Embedded product is day by day universal, becomes an indispensable part in daily life.Fig. 1 is the structured flowchart of a kind of embedded intelligence security module in prior art, as shown in Figure 1,This embedded intelligence security module comprises: intelligent IC chip 1, the communication of intelligent IC chip 1Interface 2 is as the peripheral interface of embedded intelligence security module. When embedded intelligence security moduleBe embedded in and be embedded into after hardware device, intelligent IC chip 1 directly be embedded into hardware devicePeripheral interface carries out transfer of data.
In the technology application of Vehicles Collected from Market, all embedded schemes that relates to intelligent IC chipAll need to follow its contact communication protocol---ISO7816 communication protocol, i.e. embedded intelligenceThe peripheral interface of security module is only supported ISO7816 communication protocol, and this makes the embedded intelligence of demandThe peripheral interface that is embedded into hardware device of energy security module is supported ISO7816 communication protocol, fromAnd cause the interface compatibility of embedded intelligence security module poor.
In actual applications, because ISO7816 communication protocol is unique communication that industry is usedAgreement, have demand for security equipment use time need to carry out the most hardware device that is embedded intoMeet the improvement of industry standard, this has caused whole secure hardware device (to comprise: embedded intelligenceCan security module be embedded into hardware device) prolongation in actual development cycle and the shakiness of communicating by letterFixed. In addition,, after intelligent IC chip is safeguarded and upgraded, be embedded into accordingly hardware and establishStandby also need to carry out suitable adjustment, however relatively multiple owing to being embedded into the structure of hardware deviceAssorted, so that workload in escalation process is larger, and adjustment work is not easy to carry out, Jin ErzaoBecome user to use not convenient; Meanwhile, due to the unique of intelligent IC chip communication mode andDuring reality is used, the conflict of the frequent change of various hardware system versions, makes intelligent IC coreSheet must be in open environment, can cause the data in practical communication easily to be intercepted and captured herein, leadsThe security that causes intelligent IC chip reduces.
Summary of the invention
The invention provides a kind of embedded intelligence security module, secure hardware device, safe numberAccording to treatment system and method for work thereof, the interface that can effectively promote embedded intelligence security module is held concurrentlyCapacitive, and promote the security that intelligent IC chip uses.
For achieving the above object, the invention provides a kind of embedded intelligence security module, bagDraw together: micro-control unit and intelligent IC chip, be provided with at least one on described micro-control unitDefault communication interface, described micro-control unit and described intelligent IC chip are default logical by firstLetter agreement communicates;
Described micro-control unit turns for the Data Analysis that described default communication interface is receivedBe translated into and be applicable to the data that the first default communication protocol is transmitted, and will be from described intelligent IC coreThe Data Analysis that sheet receives translates to and is applicable to the number that described default communication interface is transmittedAccording to;
Described default communication interface is the peripheral interface of described embedded intelligence security module.
Alternatively, described default communication interface comprises: UART interface, SPI interface, I2CInterface or USB interface.
Alternatively, the described first default communication protocol comprises: ISO7816 communication protocol.
Alternatively, on described intelligent IC chip, be connected with NFC antenna, to realize described intelligenceIC chip carries out contactless communication by the second default communication protocol and external equipment.
Alternatively, the described second default communication protocol comprises: ISO14443 communication protocol.
For achieving the above object, the present invention also provides a kind of secure hardware device, comprising:Be embedded into hardware device and above-mentioned embedded intelligence security module;
Described default communication interface with described in be embedded into hardware device peripheral interface be connected.
For achieving the above object, the present invention also provides a kind of secure data treatment system, bagDraw together: secure hardware device, described secure hardware device adopts above-mentioned secure hardware device.
For achieving the above object, the present invention also provides a kind of embedded intelligence security moduleMethod of work, described embedded intelligence security module adopts the safe mould of above-mentioned embedded intelligencePiece, described method of work comprises:
The Data Analysis that described micro-control unit receives described default communication interface translates toBe applicable to the data that the first default communication protocol is transmitted, and by the transfer of data after translating to described inIntelligent IC chip;
Described intelligent IC chip carries out corresponding position to the data that receive from described micro-control unitReason, and to the data after described micro-control unit feedback processing;
Described micro-control unit translates to the Data Analysis receiving from described intelligent IC chipBe applicable to the data that described default communication interface is transmitted, and by the transfer of data after translating extremelyThe hardware device being connected with described default communication interface.
For achieving the above object, the present invention also provides a kind of work of secure data treatment systemMake method, described secure data treatment system adopts above-mentioned secure data treatment system, described inMethod of work comprises:
User side is sent to pending data to be embedded into hardware device;
Described be embedded into hardware device by described default communication interface by described pending dataBe sent to described micro-control unit with protocol massages form;
Described micro-control unit is resolved and is translated the described pending data that receive, rawBecome corresponding APDU data command;
Described intelligent IC chip is by the described pending data acquisition in described APDU data commandBe encrypted with default security algorithm, generate the pending data of safety, and by described safetyPending data feedback is to described micro-control unit;
Described micro-control unit is resolved and is turned the pending data of described safety that receiveTranslate, and the packing of data Reseal after parsing is translated obtains data feedback message, described numberAccording to including the pending data of described safety in feedback message;
Described in described micro-control unit is sent to described data feedback message, being embedded into hardware establishesStandby;
Described being embedded into described in hardware device is sent to the described data feedback message receivingUser side, extracts the pending data of described safety for described user side;
Described user side is by user login information, the pending data of described safety and obtain in advanceThe facility information packing of the described embedded intelligence security module arriving, and be sent to server end;
Described server end is according to the safe mould of described embedded intelligence in the packet receivingThe facility information of piece, inquire with described embedded intelligence security module in described intelligent ICThe key that chip is corresponding, and based on described key, the pending data of described safety are carried out to true and false schoolTest;
If the pending data of described safety are by checking, described server end is from described safetyThe described pending data that in pending data, deciphering obtains;
The user that server end is corresponding to described user login information according to described pending dataAccount is carried out respective handling.
Alternatively, described user side is sent to pending data the step that is embedded into hardware deviceBefore rapid, also comprise:
User side is to the described hardware device transmitting apparatus information request message that is embedded into;
The described hardware device that is embedded into please by described facility information by described default communication interfaceAsk message to be sent to described micro-control unit;
Described micro-control unit is resolved and is translated described facility information request message, generatesCorresponding APDU request instruction;
Described intelligent IC chip, according to described APDU request instruction, is transferred out pre-storedThe facility information of described embedded intelligence security module, and by described embedded intelligence security moduleFacility information feed back to micro-control unit;
The equipment letter of described micro-control unit to the described embedded intelligence security module receivingBreath is resolved and is translated, and data Reseal after parsing is translated is packed and obtained facility informationFeedback message, includes described embedded intelligence security module in described facility information feedback messageFacility information;
Described in described micro-control unit is sent to described facility information feedback message, be embedded into hardPart equipment;
The described hardware device that is embedded into is sent to the described facility information feedback message receivingDescribed user side.
The present invention has following beneficial effect:
The invention provides a kind of embedded intelligence security module, secure hardware device, safetyData handling system and method for work thereof, wherein this embedded intelligence security module comprises: micro-controlUnit processed and intelligent IC chip, be provided with at least one default communication interface on micro-control unit,This default communication interface is as the peripheral interface of embedded intelligence security module, micro-control unit withIntelligent IC chip communicates by the first default communication protocol, and micro-control unit is for being responsible forBetween micro-control unit and intelligent IC chip, the parsing of data is translated. Technical side in the present inventionCase is by be provided for carrying out the micro-control unit that Data Analysis is translated on intelligent IC chip,And periphery using the default communication interface on micro-control unit as embedded intelligence security moduleInterface, thus the interface compatibility of embedded intelligence security module can effectively be promoted. Same therewithTime, because intelligent IC chip is encapsulated in embedded intelligence security module, at contact conditionsThe lower accurate enclosed environment that only can access by microcontroller that formed, external equipment cannot directly cutObtain the data in intelligent IC chip, thereby greatly improved the security that intelligent IC chip uses.Meanwhile, by NFC antenna is set on intelligent IC chip, this NFC antenna has ensuredIntelligent IC antenna, without again changing hardware, can directly carry out non-contact application.
Brief description of the drawings
Fig. 1 is the structured flowchart of a kind of embedded intelligence security module in prior art;
The structure of a kind of embedded intelligence security module that Fig. 2 provides for the embodiment of the present invention oneBlock diagram;
The work of a kind of embedded intelligence security module that Fig. 3 provides for the embodiment of the present invention twoThe flow chart of method;
The structured flowchart of a kind of secure hardware device that Fig. 4 provides for the embodiment of the present invention three;
The work side of a kind of secure data treatment system that Fig. 5 provides for the embodiment of the present invention fourThe flow chart of method;
Fig. 6 is the schematic diagram of user side when secure hardware device is operated;
The work side of a kind of secure data treatment system that Fig. 7 provides for the embodiment of the present invention fiveThe flow chart of method.
Detailed description of the invention
For making those skilled in the art understand better technical scheme of the present invention, knot belowClose accompanying drawing to a kind of embedded intelligence security module provided by the invention, secure hardware device, peaceAll data treatment system and method for work thereof are described in detail.
For a better understanding of the present invention, first the intelligent IC chip in the present invention is retouched belowState. In the present invention, intelligent IC chip is for (comprising: embedded intelligence secure hardware deviceSecurity module and be embedded into hardware device) in critical data carry out safety management, i.e. these passesThe Storage and Processing of key data all completes in intelligent IC chip. Wherein, this intelligent IC chipCan realize data storage, security strategy is provided, data verification (certification), data encrypting and deciphering etc.Function.
Embodiment mono-
The structure of a kind of embedded intelligence security module that Fig. 2 provides for the embodiment of the present invention oneBlock diagram, as shown in Figure 2, this embedded intelligence security module comprises: micro-control unit 3(MicrocontrollerUnit is called for short MCU) and intelligent IC chip 1, micro-control unitOn 3, be provided with at least one default communication interface 4, micro-control unit 3 and intelligent IC chip 1Communicate by the first default communication protocol. Wherein, micro-control unit 3 is logical for presettingIt is default for being applicable to first that the Data Analysis that letter interface 4 receives is translated (message format conversion)The data that communication protocol is transmitted, and the Data Analysis receiving from intelligent IC chip 1 is turnedTranslate the data that (message format conversion) transmits for being applicable to default communication interface 4.
It should be noted that, in the present invention, micro-control unit 3 will be preset communication interface 4 and receiveTo Data Analysis translate to and be applicable to the data that the first default communication protocol is transmitted, and will be fromThe Data Analysis that intelligent IC chip receives translates to and is applicable to default communication interface and transmitsData time the parsing that adopts translate rule, it can be according to default communication interface 4 and firstThe type of default communication protocol is set in advance, and concrete assignment procedure is not retouched herein in detailState.
Alternatively, the first default communication protocol comprises: ISO7816 communication protocol.
In the present embodiment, the default communication interface 4 on micro-control unit 3 is as embeddedThe peripheral interface of intelligent and safe module, for being connected with the peripheral interface that is embedded into hardware device.Now, due to the communication protocol that can realize on micro-control unit 3 have multiple, corresponding micro-controlInterface on unit processed can be multiple, therefore can greatly promote embedded intelligence security moduleInterface compatibility, simultaneously also more convenient user's use.
In addition, because intelligent IC chip 1 is encapsulated in embedded intelligence security module,Intelligent IC chip 1 has formed the standard that only can access by micro-control unit 3 under contact conditionsEnclosed environment, external equipment cannot directly be intercepted and captured the data in intelligent IC chip 1, thereby largeImprove greatly the security of intelligent IC chip 1. Meanwhile, to intelligent IC chip 1Carry out after application upgrade and maintenance, only needing micro-control unit 3 to debug can (microcontrollerUnit debugging is relatively simple), and without debugging being embedded into hardware device, thereby greatlyReduce debugging work load.
In the present embodiment, for making the compatibility of embedded intelligence security module more excellent,Can make default communication interface 4 on micro-control unit 3 select that more real-life commonInterface. Alternatively, this default communication interface 4 comprises: UART interface, SPI interface, I2CInterface or USB interface.
In addition, multiple differences can be set on micro-control unit 3 in the present embodiment presets logicalLetter interface 4 (default communication interface quantity is that multiple situations does not provide respective drawings), therebyCan further promote the interface compatibility of embedded intelligence security module.
Alternatively, on intelligent IC chip 1, be provided with NFC antenna 5, to realize intelligent ICChip 1 carries out contactless communication by the second default communication protocol and external equipment. Further canSelection of land, the second default communication protocol comprises: ISO14443 communication protocol. In the present invention,By NFC antenna 5 is set on intelligent IC chip 1, can make this embedded intelligence safetyModule can be carried out contactless communication, has greatly increased the reality of this embedded intelligence security moduleThe property used.
The embodiment of the present invention one provides a kind of embedded intelligence security module, wherein this embeddingFormula intelligent and safe module comprises: micro-control unit and intelligent IC chip, on micro-control unit, establishBe equipped with at least one default communication interface, this default communication interface is as the safe mould of embedded intelligenceThe peripheral interface of piece, micro-control unit and intelligent IC chip enter by the first default communication protocolSerial Communication, micro-control unit is for being responsible for data between micro-control unit and intelligent IC chipParsing is translated. Technical scheme in the present invention is undertaken by being provided on intelligent IC chipThe micro-control unit that Data Analysis is translated, and using the default communication interface on micro-control unit asThe peripheral interface of embedded intelligence security module, thus embedded intelligence safety can effectively be promotedThe interface compatibility of module. Meanwhile, because intelligent IC chip is encapsulated in embedded intelligenceCan in security module, under contact conditions, form the standard envelope that only can access by micro-control unitClosed loop border, external equipment cannot directly be intercepted and captured the data in intelligent IC chip, thereby greatly carriesThe high security of intelligent IC chip.
Embodiment bis-
The work of a kind of embedded intelligence security module that Fig. 3 provides for the embodiment of the present invention twoThe flow chart of method, as shown in Figure 3, this embedded intelligence security module adopts above-described embodimentEmbedded intelligence security module in one, concrete structure can, referring to the content in embodiment mono-, be somebody's turn to doEmbedded intelligence security module method of work comprises:
The Data Analysis that step 101, micro-control unit receive default communication interface translates toBe applicable to the data that the first default communication protocol is transmitted, and by extremely intelligence of the transfer of data after translatingIC chip.
Because the peripheral interface of embedded intelligence security module is default the leading on micro-control unitLetter interface, being therefore embedded into the data (instruction) that hardware device sends can be first by microcontroller listUnit receives. But, due to the message format that is embedded into the data that hardware device sends notCan be applicable to the first default communication protocol, therefore micro-control unit that intelligent IC chip is supportedThe Data Analysis that need to first default communication interface be received translates to and was applicable to for the first default leading toLetter agreement transmit data, and by the transfer of data after translating to intelligent IC chip, for intelligenceCan carry out corresponding processing by IC chip.
Step 102, intelligent IC chip carry out corresponding to the data that receive from micro-control unitProcess, and to the data after micro-control unit feedback processing.
Intelligent IC chip, receiving after the data of micro-control unit transmission, is carried out and is located accordinglyReason operation, and after handling process finishes to the data after micro-control unit feedback processing.
Step 103, micro-control unit are translated the Data Analysis receiving from intelligent IC chipThe data of transmitting for being applicable to default communication interface, and by the transfer of data after translating toThe hardware device that default communication interface connects.
The message format of the data of sending due to intelligent IC chip, can not be applicable to micro-controlThe default communication interface of unit processed be embedded into communicating by letter between the peripheral interface of hardware device, because ofThis micro-control unit needs first the Data Analysis receiving from intelligent IC chip to be translated to applicableThe data of transmitting in default communication interface, and then the data after translating are led to by defaultLetter interface transfers to and is embedded into hardware device.
In the present embodiment, by intelligent IC chip and be embedded between hardware device and arrangeMicro-control unit, reaches with the communication that is connected of intelligent IC chip thereby make to be embedded into hardware deviceBe available convenient to embedding. Meanwhile, the logical of hardware device and intelligent IC chip will be embedded intoLetter mode becomes via the secondary communication after micro-control unit conversion, thereby gives intelligent IC chipMany one deck protections, and reach the requirement of accurate enclosed environment, and then it is logical to reduce intelligent IC chipThe probability that in letter, data are intercepted and captured, has improved security.
Embodiment tri-
The structured flowchart of a kind of secure hardware device that Fig. 4 provides for the embodiment of the present invention three,As shown in Figure 4, this secure hardware device comprises: be embedded into hardware device 6 and embedded intelligenceSecurity module 7, wherein, this embedded intelligence security module 7 comprises: micro-control unit 3 HesIntelligent IC chip 1, is provided with at least one default communication interface 4 on micro-control unit 3, shouldPreset communication interface 4 as the peripheral interface of embedded intelligence security module 7 and be embedded into hardwareThe peripheral interface of equipment 6 connects, and micro-control unit 3 is pre-by first with intelligent IC chip 1If communication protocol communicates.
Alternatively, on intelligent IC chip 1, be also provided with NFC antenna 5, to make intelligent ICChip 1 can carry out contactless communication.
It should be noted that the concrete knot of the embedded intelligence security module 7 in the present embodimentStructure and the course of work, can be referring to the content in above-described embodiment one and embodiment bis-, herein no longerRepeat.
The embodiment of the present invention three also provides a kind of secure data treatment system, this secure dataTreatment system comprises: secure hardware device, user side and server end, wherein this secure hardwareDevice can adopt the secure hardware device shown in Fig. 4, particular content can referring to aforementioned corresponding inHold, repeat no more herein.
Embodiment tetra-
The work side of a kind of secure data treatment system that Fig. 5 provides for the embodiment of the present invention fourThe flow chart of method, Fig. 6 is the schematic diagram of user side when secure hardware device is operated, asShown in Fig. 5 and Fig. 6, the method for work of the secure data treatment system that the present embodiment provides is suitable forIn supplementing application with money, paying the industry higher to data security requirement such as application, safety certificationIn business, this secure data treatment system adopts the secure data in above-described embodiment three to process systemSystem, particular content can, referring to the content in above-described embodiment three, repeat no more herein. This safetyThe method of work of data handling system comprises:
Step 201: user side is sent to pending data to be embedded into hardware device.
Better understand technical scheme of the present invention, this enforcement for ease of those skilled in the artExample realizes certain user account is withholdd as example with secure data treatment system, to each stepCarry out corresponding description.
First, user side 9 can, for this behavior of withholing, generate a corresponding pending numberAccording to, this pending packet contains the information such as operation, deducted amount of withholing; Then, employing hasThe mode of line or radio communication is sent to these pending data to be embedded into hardware device 6.
Step 202: be embedded into hardware device by default communication interface by pending data with associationView message form is sent to micro-control unit.
Receive after pending data being embedded into hardware device 6, be embedded into hardware device 6Pending data can encapsulates to packing, can be preset to form that communication interface supportMessage format, and this is sent to micro-control unit 3 by pending data.
In the present embodiment, this default communication interface can be selected from UART interface, SPI interface, I2CInterface or USB interface.
It should be noted that, in above-mentioned steps 201, if pending data are with can be byThe message format that default communication interface is supported is sent to and is embedded into hardware device 6 from user side 9Time, in step 202, embed hardware device 6 can be directly by pending data with former message latticeFormula is carried out transparent transmission.
Step 203: micro-control unit is resolved and translated the pending data that receive, rawBecome corresponding APDU data command.
Micro-control unit 3 receives with after the next pending data of protocol massages form transmission,Micro-control unit 3 is resolved and is translated the pending data that receive, corresponding to organize outAPDU data command. Wherein, resolve that to translate rule be according to default communication interface and first pre-If the type of communication protocol sets in advance. It should be noted that, will be with in the present embodimentOne default communication protocol is that ISO7816 communication protocol is that example describes.
Pending Data Analysis is translated to corresponding APDU data command by micro-control unit 3(pending data exist to meet the form of APDU instruction format), so that microcontroller listBetween unit 3 and intelligent IC chip 1, carry out transfer of data. It should be noted that APDU instructionCan under ISO7816 communication protocol, transmit.
Step 204: intelligent IC chip is used pre-to the pending data acquisition in APDU data commandIf security algorithm is encrypted, generate the pending data of safety, and will the pending number of safetyAccording to feeding back to micro-control unit.
Intelligent IC chip 1 can carry out corresponding data processing receiving after APDU instruction.Particularly, intelligent IC chip 1 is used pre-by the pending data acquisition containing band in APDU data commandIf security algorithm is encrypted, obtain the pending data of safety, and by pending this safetyData are with pre-specified protocol format (can be applicable to the first default communication protocol) feedbackTo micro-control unit 3.
Wherein, default security algorithm can be DES security algorithm, RSA security algorithm or ASESecurity algorithm.
Step 205: micro-control unit is resolved and turned the pending data of the safety receivingTranslate, and the packing of data Reseal after parsing is translated obtains data feedback message.
Micro-control unit 3 is translated pending safety Data Analysis, and after parsing is translatedThe packing of data Reseal obtains data feedback message, in this data feedback message, includes safetyPending data, this data feedback message can transmit in default communication interface.
Step 206: micro-control unit is sent to data feedback message to be embedded into hardware device.
Micro-control unit 3 is sent to data feedback message to be embedded into by default communication interfaceHardware device 6.
Step 207: be embedded into hardware device the data feedback message receiving is sent to userEnd.
Be embedded into hardware device 6 the data feedback message receiving is sent to user side 9, withExtract the pending data of safety for user side 9.
Step 208: user side is by user login information, safety pending data and obtaining in advanceThe facility information packing of the embedded intelligence security module arriving, and be sent to server end.
Because user holds 9 o'clock user, in advance by user login information (with clothesThe user account coupling of business device end storage) input in corresponding application program, therefore userEnd 9 receives after data feedback message, and user side 9 is by pending to user login information, safetyThe facility information of data and the embedded intelligence security module 7 that gets is in advance packed, andBy corresponding Packet Generation to server end 8.
Step 209: server end is according to the safe mould of embedded intelligence in the packet receivingThe facility information of piece, inquires corresponding with the intelligent IC chip in embedded intelligence security moduleKey, based on key, the pending data of safety are carried out to true and false verification.
First user login information, safety that, server end 8 extracts in packet are waited to locateThe facility information of reason data and embedded intelligence security module. Then, server end 8 passes throughThe mode of question blank inquire with corresponding embedded intelligence security module 7 in intelligent IC chipThe key of 1 correspondence; Then, employing is identical with the default security algorithm in intelligent IC chip 1Algorithm the pending data of safety are carried out to true and false verification.
If the key based on inquiring can successfully be decrypted the pending data of safety,Illustrate safety pending data be secure data, now server end 8 by computing to restorePending data, continue to carry out following step 210. Otherwise the pending data of safety are uneasyAll data, server end 8 is to the prompting of client feeds back operation failure, and flow process finishes.
Step 210: the user that server end is corresponding to user login information according to pending dataAccount is carried out respective handling.
Decrypt after pending data at server end 8, server end 8 can be waited to locate according to thisManage data and receive before user login information, the user account corresponding to this user login informationThe family operation of withholing accordingly.
It should be noted that, above-mentioned pending packet is containing withholing the letters such as operation, deducted amountThe situation of breath only plays exemplary effect, and this can't produce limit to technical scheme of the present inventionSystem.
Embodiment five
The work side of a kind of secure data treatment system that Fig. 7 provides for the embodiment of the present invention fiveThe flow chart of method, as shown in Figure 7, the method for work of the secure data treatment system shown in Fig. 7Not only comprise the step 201~step 210 in Fig. 5, before step 201, also comprise: stepRapid 2001~step 2007.
Step 2001: user side is to being embedded into hardware device transmitting apparatus information request message.
Continue referring to Fig. 6, user side 9 calls the application programming interface of self(ApplicationProgrammingInterface is called for short KPI), to generate oneCorresponding facility information request message, and this facility information request message is sent to and is embedded into firmlyPart equipment 6.
Step 2002: be embedded into hardware device by presetting communication interface by facility information requestMessage is sent to micro-control unit.
If the message format of the facility information request message generating in step 2001 can be presetWhen communication interface is supported, be embedded into hardware device 6 directly by facility information request message transparent transmissionTo micro-control unit 3; If the message lattice of the facility information request message generating in step 2001When formula can not be supported by default communication interface, being embedded into hardware device 6 need to believe equipmentThe message format of breath request message is adjusted accordingly, so that the facility information after adjustment is askedAsk message to be supported by default communication interface, and by the facility information request message after adjustingBe sent to micro-control unit 3.
Step 2003: micro-control unit is resolved and translated facility information request message, rawBecome corresponding APDU request instruction.
Micro-control unit 3 receives after facility information request message, and micro-control unit 3 docksThe facility information request message of receiving is resolved and is translated, to organize out corresponding APDU requestInstruction (facility information request message exists to meet the form of APDU instruction format). Wherein,It is according to the type of default communication interface and the first default communication protocol in advance that rule is translated in parsingSet.
Step 2004: intelligent IC chip, according to APDU request instruction, is transferred out pre-storedThe facility information of embedded intelligence security module, and by the equipment of embedded intelligence security moduleInformation feeds back to micro-control unit.
Intelligent IC chip 1 can carry out corresponding data processing receiving after APDU instruction.Particularly, intelligent IC chip 1 is carried out and is transferred embedded intelligence safety according to APDU request instructionThe flow process of the facility information of module 7, and establishing the embedded intelligence security module 7 of transferring outStandby information is anti-with pre-specified protocol format (can be applicable to the first default communication protocol)Be fed to micro-control unit 3.
Step 2005: the equipment of micro-control unit to the embedded intelligence security module receivingInformation is resolved and is translated, and the packing of data Reseal after parsing is translated obtains equipment letterBreath feedback message.
Micro-control unit 3 carries out the facility information of the embedded intelligence security module receivingParsing is translated, and the packing of data Reseal after parsing is translated obtains facility information feedback reportLiterary composition, this facility information feeds back the facility information that includes embedded intelligence security module in message.This facility information feedback message can transmit in default communication interface.
Step 2006: micro-control unit feeds back message by facility information and is sent to and is embedded into hardwareEquipment.
Micro-control unit 3 by default communication interface by facility information feed back message be sent to byEmbed hardware device 6.
Step 2007: be embedded into hardware device the facility information feedback message receiving is sentTo user side.
Be embedded into hardware device 6 the data feedback message receiving is sent to user side 9, withExtract the facility information of embedded intelligence security module 7 for user side 9.
Can make user side obtain embedded intelligence by above-mentioned steps 2001~step 2007The facility information of security module 7, for using in postorder flow process.
For the description of step 201~step 210 in the present embodiment, can be referring to above-described embodimentCorresponding contents in four repeats no more herein.
The work of the secure data treatment system providing at the embodiment of the present invention four and embodiment fiveMake in method the environment for use of intelligent IC chip be as the criterion enclosed environment and this intelligent IC chipThe message of communicating by letter with the external world only has server end to decipher or to authenticate, therefore the peace in the present inventionDevices at full hardware device has higher security performance. In addition at user side, secure hardware device is entered,When line operate, only need to generate the discernible unified specification safe packet of (tissue) micro-control unit, therefore lower to the demand of user side, more convenient user uses.
Be understandable that, above embodiment be only used to illustrate principle of the present invention andThe illustrative embodiments adopting, but the present invention is not limited thereto. For in this areaThose of ordinary skill, without departing from the spirit and substance in the present invention, can doGo out various modification and improvement, these modification and improvement are also considered as protection scope of the present invention.
Claims (10)
1. an embedded intelligence security module, is characterized in that, comprising: micro-control unitWith intelligent IC chip, on described micro-control unit, be provided with at least one default communication interface,Described micro-control unit and described intelligent IC chip lead to by the first default communication protocolLetter;
Described micro-control unit turns for the Data Analysis that described default communication interface is receivedBe translated into and be applicable to the data that the first default communication protocol is transmitted, and will be from described intelligent IC coreThe Data Analysis that sheet receives translates to and is applicable to the number that described default communication interface is transmittedAccording to;
Described default communication interface is the peripheral interface of described embedded intelligence security module.
2. embedded intelligence security module according to claim 1, is characterized in that,Described default communication interface comprises: UART interface, SPI interface, I2C interface or USB interface.
3. embedded intelligence security module according to claim 1, is characterized in that,The described first default communication protocol comprises: ISO7816 communication protocol.
4. embedded intelligence security module according to claim 1, is characterized in that,On described intelligent IC chip, be connected with NFC antenna, to realize described intelligent IC chip by theTwo default communication protocols and external equipment carry out contactless communication.
5. embedded intelligence security module according to claim 4, is characterized in that,The described second default communication protocol comprises: ISO14443 communication protocol.
6. a secure hardware device, is characterized in that, comprising: be embedded into hardware device andArbitrary described embedded intelligence security module in claim 1-5;
Described default communication interface with described in be embedded into hardware device peripheral interface be connected.
7. a secure data treatment system, is characterized in that, comprising: as aforesaid right is wantedAsk the secure hardware device described in 6.
8. a method of work for embedded intelligence security module, is characterized in that, described embeddingEnter formula intelligent and safe module and adopt arbitrary described embedded intelligence in the claims 1-6Security module, described method of work comprises:
The Data Analysis that described micro-control unit receives described default communication interface translates toBe applicable to the data that the first default communication protocol is transmitted, and by the transfer of data after translating to described inIntelligent IC chip;
Described intelligent IC chip carries out corresponding position to the data that receive from described micro-control unitReason, and to the data after described micro-control unit feedback processing;
Described micro-control unit translates to the Data Analysis receiving from described intelligent IC chipBe applicable to the data that described default communication interface is transmitted, and by the transfer of data after translating extremelyThe hardware device being connected with described default communication interface.
9. a method of work for secure data treatment system, is characterized in that, described safetyData handling system adopts the secure data treatment system described in the claims 7, described inMethod of work comprises:
User side is sent to pending data to be embedded into hardware device;
Described be embedded into hardware device by described default communication interface by described pending dataBe sent to described micro-control unit with protocol massages form;
Described micro-control unit is resolved and is translated the described pending data that receive, rawBecome corresponding APDU data command;
Described intelligent IC chip is to the described pending data acquisition in described APDU data commandBe encrypted with default security algorithm, generate the pending data of safety, and by described safetyPending data feedback is to described micro-control unit;
Described micro-control unit is resolved and is turned the pending data of described safety that receiveTranslate, and the packing of data Reseal after parsing is translated obtains data feedback message, described numberAccording to including the pending data of described safety in feedback message;
Described in described micro-control unit is sent to described data feedback message, being embedded into hardware establishesStandby;
Described being embedded into described in hardware device is sent to the described data feedback message receivingUser side, extracts the pending data of described safety for described user side;
Described user side is by user login information, the pending data of described safety and obtain in advanceThe facility information packing of the described embedded intelligence security module arriving, and be sent to server end;
Described server end is according to the safe mould of described embedded intelligence in the packet receivingThe facility information of piece, inquire with described embedded intelligence security module in described intelligent ICThe key that chip is corresponding, and based on described key, the pending data of described safety are carried out to true and false schoolTest;
If the pending data of described safety are by checking, described server end is from described safetyThe described pending data that in pending data, deciphering obtains;
The user that server end is corresponding to described user login information according to described pending dataAccount is carried out respective handling.
10. the method for work of secure data treatment system according to claim 9, its spyLevy and be, before pending data are sent to the step that is embedded into hardware device by described user sideAlso comprise:
User side is to the described hardware device transmitting apparatus information request message that is embedded into;
The described hardware device that is embedded into please by described facility information by described default communication interfaceAsk message to be sent to described micro-control unit;
Described micro-control unit is resolved and is translated described facility information request message, generatesCorresponding APDU request instruction;
Described intelligent IC chip, according to described APDU request instruction, is transferred out pre-storedThe facility information of described embedded intelligence security module, and by described embedded intelligence security moduleFacility information feed back to micro-control unit;
The equipment letter of described micro-control unit to the described embedded intelligence security module receivingBreath is resolved and is translated, and data Reseal after parsing is translated is packed and obtained facility informationFeedback message, includes described embedded intelligence security module in described facility information feedback messageFacility information;
Described in described micro-control unit is sent to described facility information feedback message, be embedded into hardPart equipment;
The described hardware device that is embedded into is sent to the described facility information feedback message receivingDescribed user side.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511006076.6A CN105654168B (en) | 2015-12-25 | 2015-12-25 | Embedded intelligence security module, secure hardware device, system and working method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201511006076.6A CN105654168B (en) | 2015-12-25 | 2015-12-25 | Embedded intelligence security module, secure hardware device, system and working method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105654168A true CN105654168A (en) | 2016-06-08 |
| CN105654168B CN105654168B (en) | 2019-05-03 |
Family
ID=56478330
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201511006076.6A Active CN105654168B (en) | 2015-12-25 | 2015-12-25 | Embedded intelligence security module, secure hardware device, system and working method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105654168B (en) |
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106249640A (en) * | 2016-07-22 | 2016-12-21 | 金邦达有限公司 | A kind of processor and processing method thereof and smart machine |
| CN106650461A (en) * | 2016-11-23 | 2017-05-10 | 北京握奇智能科技有限公司 | Mobile terminal and access method of embedded type security module based on same |
| CN111966619A (en) * | 2020-08-10 | 2020-11-20 | 北京北方华创微电子装备有限公司 | Information interaction method and device |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1302406A (en) * | 1998-05-22 | 2001-07-04 | 波系统股份有限公司 | Method and system for secure transactions in computer system |
| CN101667163A (en) * | 2009-10-19 | 2010-03-10 | 北京华大智宝电子系统有限公司 | Encrypting and authenticating equipment with dual safety chips |
| CN203287939U (en) * | 2013-05-06 | 2013-11-13 | 中国移动通信集团湖北有限公司 | Mobile payment full-card supporting single-wire transport protocol |
| CN103942484A (en) * | 2014-04-24 | 2014-07-23 | 刘宏伟 | Security auxiliary device using mobile phone as carrier and identity authentication method |
| CN204480283U (en) * | 2015-03-03 | 2015-07-15 | 南京中科微电子有限公司 | A kind of safe read-write device based on RFID technique |
| CN104915604A (en) * | 2015-05-08 | 2015-09-16 | 深圳市鼎芯无限科技有限公司 | Security application method and security control electronic equipment |
-
2015
- 2015-12-25 CN CN201511006076.6A patent/CN105654168B/en active Active
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1302406A (en) * | 1998-05-22 | 2001-07-04 | 波系统股份有限公司 | Method and system for secure transactions in computer system |
| CN101667163A (en) * | 2009-10-19 | 2010-03-10 | 北京华大智宝电子系统有限公司 | Encrypting and authenticating equipment with dual safety chips |
| CN203287939U (en) * | 2013-05-06 | 2013-11-13 | 中国移动通信集团湖北有限公司 | Mobile payment full-card supporting single-wire transport protocol |
| CN103942484A (en) * | 2014-04-24 | 2014-07-23 | 刘宏伟 | Security auxiliary device using mobile phone as carrier and identity authentication method |
| CN204480283U (en) * | 2015-03-03 | 2015-07-15 | 南京中科微电子有限公司 | A kind of safe read-write device based on RFID technique |
| CN104915604A (en) * | 2015-05-08 | 2015-09-16 | 深圳市鼎芯无限科技有限公司 | Security application method and security control electronic equipment |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106249640A (en) * | 2016-07-22 | 2016-12-21 | 金邦达有限公司 | A kind of processor and processing method thereof and smart machine |
| CN106249640B (en) * | 2016-07-22 | 2019-10-18 | 金邦达有限公司 | A kind of processor and its processing method and smart machine |
| CN106650461A (en) * | 2016-11-23 | 2017-05-10 | 北京握奇智能科技有限公司 | Mobile terminal and access method of embedded type security module based on same |
| CN111966619A (en) * | 2020-08-10 | 2020-11-20 | 北京北方华创微电子装备有限公司 | Information interaction method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105654168B (en) | 2019-05-03 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CA2926206C (en) | A system and method for nfc peer-to-peer authentication and secure data transfer | |
| US9830165B2 (en) | USB communications tunneling through USB printer device class | |
| CN105260250B (en) | A kind of dual system communication device of linux system and android system | |
| CN105592403B (en) | NFC-based communication device and method | |
| CN102523092B (en) | Audio-based non-contact integrated circuit (IC) card and mobile authentication data transmission device | |
| CN105654168A (en) | Embedded intelligent safety module, safety hardware device, safe data processing system and operation method of embedded intelligent safety module | |
| WO2012019397A1 (en) | Method and system for identifying radio frequency identification tag | |
| CN111160508B (en) | Dual-chip safe SIM card | |
| CN105516179B (en) | A kind of data safe transmission system and method for guarding against intrusion from network | |
| CN103198574B (en) | Be embedded with the remote-control intelligent water meter of information security management module | |
| CN112383914B (en) | Password management method based on secure hardware | |
| CN201150068Y (en) | Multifunctional information safety equipment | |
| CN101197742B (en) | System and method for transmitting additional data between equipments through Ethernet interface | |
| CN111181956A (en) | Wireless multi-service data encryption system and method applied to relay protection device | |
| KR101803286B1 (en) | Smartcard Interface Conversion Device, Embedded system having the same device and Method used in the same device | |
| KR20170105393A (en) | Method and system for authentication of a storage device | |
| CN105160585A (en) | Cross-platform smart card personalized production system and control method | |
| CN109976230A (en) | A kind of Internet of Things smart machine | |
| CN111818517B (en) | Multi-channel secure communication module, communication system and method | |
| TWM561854U (en) | Verification device built-in with electronic identity card information | |
| CN111163462B (en) | Network distribution method and related product | |
| JP6241340B2 (en) | Information processing apparatus, information processing method, and information processing program | |
| CN203038378U (en) | Encryption type DTU module capable of performing external programming | |
| CN101587532B (en) | Controller special for storage card, and control method and control system for storage card | |
| CN114244521B (en) | Encryption system implementation method applied to edge calculation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| CB02 | Change of applicant information |
Inventor after: Ren Ming Inventor after: Bai Xianggun Inventor after: Li Yuangang Inventor before: Ren Ming Inventor before: Bai Xianggun |
|
| CB03 | Change of inventor or designer information | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |